Vulnerability Details : CVE-2015-1914
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
Products affected by CVE-2015-1914
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1914
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1914
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-1914
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1914
-
http://rhn.redhat.com/errata/RHSA-2015-1020.html
RHSA-2015:1020 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1091.html
RHSA-2015:1091 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72245
IBM IV72245: FIX SECURITY VULNERABILITY CVE-2015-1916Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1007.html
RHSA-2015:1007 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
[security-announce] SUSE-SU-2015:1085-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1021.html
RHSA-2015:1021 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
[security-announce] SUSE-SU-2015:1086-1: important: Security update forMailing List;Third Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72246
IBM IV72246: FIX SECURITY VULNERABILITY CVE-2015-1914Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
[security-announce] SUSE-SU-2015:1138-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
[security-announce] SUSE-SU-2015:1161-1: important: Security update forMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/74645
IBM SDK CVE-2015-1914 Sandbox Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
[security-announce] SUSE-SU-2015:1073-1: important:Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1006.html
RHSA-2015:1006 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology EditionVendor Advisory
Jump to